>> >> A lot of changes to the code in this area from what I see, basically the >> auth stuff is not applied to the callback code at all any more :( I can >> see that the protect_uri code wasn't helpful for the stand-alone >> executable but for embedded use with callbacks it was really neat! >> >> Does the DAV or PUT auth help me at all? If so, how do I drive it? > > > DAV mutations are authorized against dav_auth_file, but they won't trigger > for the callback. URI handlers are executed with no auth checks, to give > the developer a decision power. For example, one might decide to implement > cookie-based authentication. > > What we might do is to expose a function, say, > mg_authorize_digest(const char *authorization_header, const char > *auth_file) > > Then it'll be easy for you to do what you've done before, and, actually, > that > would be even more flexible and powerful then protect_uri option. > > Thoughts?
That works for me as I'll setting protect_uri programatically already so doing the authorisation at callback time is not a problem. So long as the auth lasts for the whole session (not sure how it works once the browser client has provided the user 'login' details). I'll put the upgrade on the back burner for a while and await the mods :) Cheers -- Robin Gilks -- You received this message because you are subscribed to the Google Groups "mongoose-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mongoose-users. For more options, visit https://groups.google.com/groups/opt_out.
